| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Not available on Win32 and ancient unixes
|
|
|
|
|
| |
The Win32 for mmap() is very different from Unix, so abstract
this into our own p11_mmap_xxx() functions.
|
|
|
|
| |
Since older operating systems don't support setenv()
|
|
|
|
| |
For Win32 and older unixes
|
| |
|
|
|
|
|
|
|
| |
For clarity. In addition, make p11_dl_close() able to be used
as a destroyer callback.
Also make p11_dl_error() return an allocated string
|
| |
|
|
|
|
|
|
| |
Don't do library initialization on shared object load when not running
in a library. We'll want to plug into this and do different things
per library in the future.
|
| |
|
|
|
|
|
|
| |
* Build a script to help with this
https://bugs.freedesktop.org/show_bug.cgi?id=60792
|
|
|
|
|
| |
* All original lines in this file upon arrival in the p11-kit
project were written by me, and copyright held by me.
|
|
|
|
| |
* This is an unstable release
|
| |
|
|
|
|
|
| |
Enable installation of gettext translations and add German translation
by Chris Leick.
|
| |
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=60473
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=60434
|
|
|
|
|
|
|
| |
And provide more intelligent error messages about why to build
with libtasn1
Tweaked by Stef Walter
|
|
|
|
|
| |
* Add annotations to our precondition functions so that they
don't make the analyzer complain
|
| |
|
|
|
|
| |
* This is an unstable release
|
| |
|
|
|
|
|
| |
* All aliases must be lower case in order to work with the
default keystore implementation.
|
|
|
|
|
| |
* This is in cases where the certificate information does not
already have a friendly name or alias.
|
| |
|
| |
|
|
|
|
|
|
|
| |
* Based on the gcr code
* Bring in base64 output code from BSD
* Make sure to output base64 lines of 64 character length since
this is what OpenSSL expects
|
|
|
|
|
|
| |
* The only formats supported are x509-file and x509-directory
Allow tool to build without extract
|
|
|
|
|
|
| |
* Implement atomic writes of files
* Writing with checks that not overwriting anything unless desired
* Writing and overwriting of directory contents in a robust way
|
| |
|
| |
|
|
|
|
| |
* So it can be used by other code, in addition to the trust stuff
|
|
|
|
| |
* Clears an array without freeing the array itself
|
|
|
|
|
|
| |
* Implement trust assertions for anchored and distrusted certs
* Pinned certificate trust assertions are not implemented yet
* Add an internal tool for pulling apart bits of certificates
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fill in CKA_CERTIFICATE_CATEGORY properly for authorities
based on the presence of BasicConstraints and/or v1 certificates
* Fill in CKA_TRUSTED and CKA_X_DISTRUSTED based on whether the
parser is running for anchors or blacklist
* In addition support the concept of blacklisted certificates mixed
in with the anchors (without any purposes) since that's what exists
in the real world.
* We do this after the various hooks have had a chance to mess
with the certificate extensions and such.
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Use stapled certificate extensions to represent loaded trust policy
* Build NSS trust objects from stapled certificate extensions
* Add further attribute debugging for NSS trust objects
* Use a custom certificate extension for the OpenSSL reject purpose data
* Use SubjectKeyIdentifier for OpenSSL keyid data
* Use ExtendedKeyUsage for OpenSSL trust purpose data
* Implement simple way to handle binary DER OIDs, using the DER TLV
length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere.
* Split out the building of NSS trust objects from the main parser
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
This tells NSS that this is a source of anchors.
|
| |
|
| |
|
|
|
|
|
|
| |
This is based off the roots-store from gnome-keyring and loads
certificates from a root directory and exposes them as PKCS#11
objects.
|
|
|
|
|
|
| |
The SHA-1 and MD5 digests here are used for checksums in legacy
protocols. We don't use them in cryptographic contexts at all.
These particular algorithms would be poor choices for that.
|
|
|
|
|
| |
We want to use p11_message in our commands anyway, since that
allows us control with --verbose and --quiet.
|
|
|
|
|
|
|
| |
* Unindent the main headings
* Don't wrap options
* Better spacing in table of contents
* Don't have line numbers on code examples
|
| |
|
| |
|